


Perceptive Security
SOC/SIEM Consultancy

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) onl…
Published:
26 April 2026 at 22:00:00
Alert date:
27 April 2026 at 17:03:10
Source:
nvd.nist.gov
Enterprise Applications, Email & Messaging
The Apache Camel Mail component contains a header injection vulnerability where the MailHeaderFilterStrategy only filters outbound headers but not inbound ones. This allows attackers to inject Camel-specific headers through email messages that can alter route behavior in downstream components like camel-bean, camel-exec, or camel-sql. The vulnerability affects Apache Camel versions 3.0.0 to 4.14.6 and 4.15.0 to 4.18.1. Users should upgrade to version 4.19.0 or appropriate LTS versions 4.18.1 or 4.14.6. This follows a similar pattern to previously addressed vulnerabilities in camel-undertow and broader incoming-header filters.
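An added example (not from the advisory or the Apache Camel project): a triage script for stored inbound mail that flags messages whose top-level headers fall in Camel's internal header namespace, which is the input this vulnerability lets through. The `Camel` and `org.apache.camel` prefixes, the function names and the sample messages are assumptions constructed for illustration.

```python
"""Flag inbound e-mail carrying headers in Camel's internal namespace."""
from email import message_from_bytes
from email.policy import default

# Assumption: Camel-internal headers use the "Camel" / "org.apache.camel"
# prefixes; compared case-insensitively because mail header names are.
RESERVED_PREFIXES = ("camel", "org.apache.camel")


def camel_headers(raw: bytes) -> list[tuple[str, str]]:
    """Return (name, value) for each top-level header in the reserved namespace."""
    msg = message_from_bytes(raw, policy=default)
    hits = []
    for name, value in msg.items():
        if name.strip().lower().startswith(RESERVED_PREFIXES):
            # Collapse folded continuation lines so the value fits one log line.
            hits.append((name, " ".join(str(value).split())))
    return hits


def triage(messages: dict[str, bytes]) -> dict[str, list[tuple[str, str]]]:
    """Map message id -> suspicious headers, omitting clean messages."""
    report = {}
    for msg_id, raw in messages.items():
        hits = camel_headers(raw)
        if hits:
            report[msg_id] = hits
    return report


# Constructed sample messages (not real traffic).
SAMPLES = {
    "clean": b"From: a@example.org\r\nTo: b@example.org\r\nSubject: hi\r\n\r\nbody\r\n",
    "mixed-case": (
        b"From: a@example.org\r\nTo: b@example.org\r\n"
        b"cAmElConstructedDemo: first\r\n second\r\n"
        b"Subject: report\r\n\r\nbody\r\n"
    ),
    # Header-like text in the body must not be reported.
    "body-only": b"From: a@example.org\r\nSubject: x\r\n\r\nCamelConstructedDemo: no\r\n",
}

if __name__ == "__main__":
    for msg_id, hits in triage(SAMPLES).items():
        print(msg_id, hits)
```

A hit is a lead for review rather than proof of compromise: it shows that a sender placed a reserved header name in a message that a mail-consuming route may have processed.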
Technical details
Affected products:
Apache Camel
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-33454
https://camel.apache.org/security/CVE-2026-33454.html
This article was created with the assistance of AI technology by Perceptive.
